Example #1
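// TestAuth runs one SSH handshake across the connection pair returned by
// netPipe. The client's only auth method is public-key signing through the
// agent returned by startAgent; the server accepts a key only when its wire
// encoding equals that of the "rsa" test public key.
func TestAuth(t *testing.T) {
	a, b, err := netPipe()
	if err != nil {
		t.Fatalf("netPipe: %v", err)
	}

	defer a.Close()
	defer b.Close()

	agent, _, cleanup := startAgent(t)
	defer cleanup()

	if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["rsa"], Comment: "comment"}); err != nil {
		t.Errorf("Add: %v", err)
	}

	serverConf := ssh.ServerConfig{}
	serverConf.AddHostKey(testSigners["rsa"])
	// Allow-list of exactly one key: anything that does not marshal to the
	// same bytes as the "rsa" test key is rejected.
	serverConf.PublicKeyCallback = func(c ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
		if bytes.Equal(key.Marshal(), testPublicKeys["rsa"].Marshal()) {
			return nil, nil
		}

		return nil, errors.New("pubkey rejected")
	}

	// serverDone is closed once the server half of the handshake has finished,
	// so a server-side failure is recorded before the test returns.
	serverDone := make(chan struct{})
	go func() {
		defer close(serverDone)

		conn, _, _, err := ssh.NewServerConn(a, &serverConf)
		if err != nil {
			// t.Fatalf must only be called from the goroutine running the
			// test function; report with Errorf and leave this goroutine.
			t.Errorf("Server: %v", err)
			return
		}
		conn.Close()
	}()

	// NOTE(review): conf sets no HostKeyCallback, so this client never checks
	// the server's host key. Releases of golang.org/x/crypto/ssh that require
	// the callback reject such a config; when updating, pin the test host key
	// (ssh.FixedHostKey with testSigners["rsa"].PublicKey()) instead of
	// switching verification off.
	conf := ssh.ClientConfig{}
	conf.Auth = append(conf.Auth, ssh.PublicKeysCallback(agent.Signers))
	conn, _, _, err := ssh.NewClientConn(b, "", &conf)
	if err != nil {
		t.Fatalf("NewClientConn: %v", err)
	}
	conn.Close()

	<-serverDone
}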
Example #2
			// Stage the fixtures for this context: a "proxy-target-config"
			// critical option holding the JSON-encoded target (sshd listener
			// address plus TestPrivatePem), and a fake public-key authenticator
			// installed as the daemon's PublicKeyCallback.
			BeforeEach(func() {
				targetAddr := sshdListener.Addr().String()
				encodedTarget, err := json.Marshal(proxy.TargetConfig{
					Address:    targetAddr,
					PrivateKey: TestPrivatePem,
				})
				Expect(err).NotTo(HaveOccurred())

				// NOTE(review): the private key PEM travels inside this option
				// string; presumably TestPrivatePem is a test-only fixture — confirm
				// it is never reused for a real target.
				criticalOpts := map[string]string{
					"proxy-target-config": string(encodedTarget),
				}
				permissions = &ssh.Permissions{CriticalOptions: criticalOpts}

				// The stub is configured to return empty permissions and a nil
				// error, so the specs here observe which key was presented rather
				// than exercising a rejection path.
				fakeAuth := &fake_authenticators.FakePublicKeyAuthenticator{}
				fakeAuth.AuthenticateReturns(&ssh.Permissions{}, nil)
				publicKeyAuthenticator = fakeAuth
				daemonSSHConfig.PublicKeyCallback = fakeAuth.Authenticate
			})

			// The fake authenticator must have been called exactly once, and the
			// key it received must have the same wire encoding as the key parsed
			// from TestPublicAuthorizedKey.
			It("will use the public key for authentication", func() {
				wantKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(TestPublicAuthorizedKey))
				Expect(err).NotTo(HaveOccurred())

				callCount := publicKeyAuthenticator.AuthenticateCallCount()
				Expect(callCount).To(Equal(1))

				// Compare marshalled bytes rather than the ssh.PublicKey values.
				_, gotKey := publicKeyAuthenticator.AuthenticateArgsForCall(0)
				gotBytes := gotKey.Marshal()
				Expect(gotBytes).To(Equal(wantKey.Marshal()))
			})
		})

		Context("when the config contains a user and a public key", func() {
			var publicKeyAuthenticator *fake_authenticators.FakePublicKeyAuthenticator